Remove microvm and correct build for nginx

This commit is contained in:
Théo Barnouin 2025-04-04 14:09:58 +02:00
parent 126dd2cf53
commit 64986d2883
3 changed files with 28 additions and 184 deletions

121
flake.nix

@ -7,10 +7,6 @@
url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
microvm = {
url = "github:astro/microvm.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
crowdsec = {
url = "git+https://codeberg.org/kampka/nix-flake-crowdsec.git";
inputs.nixpkgs.follows = "nixpkgs";
@ -22,7 +18,6 @@
self,
nixpkgs,
home-manager,
microvm,
agenix,
crowdsec,
...
@ -34,73 +29,36 @@
pkgs = import nixpkgs {inherit system;};
in {
nixosConfigurations = {
nixmox-curiosity = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
agenix.nixosModules.default
./hosts/nixmox-curiosity/configuration.nix
{
networking.hostName = "nixmox-curiosity";
}
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.${username} = import ./hosts/nixmox-curiosity/home.nix;
}
microvm.nixosModules.host
{
microvm = {
autostart = [];
vms = {};
};
}
];
specialArgs = {
inherit inputs;
inherit username;
inherit proxy_host;
inherit pgsql_host;
inherit system;
};
};
nginx = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
agenix.nixosModules.default
crowdsec.nixosModules.crowdsec-firewall-bouncer
({ pkgs, lib, ... }: {
nixpkgs.overlays = [crowdsec.overlays.default];
{
services.crowdsec-firewall-bouncer = {
enable = true;
settings = {
api_key = "secret_api_key";
api_url = "http://localhost:8080";
};
package = inputs.crowdsec.packages."x86_64-linux".crowdsec-firewall-bouncer;
};
})
}
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
"${inputs.self}/systems/minimalLXCConfig.nix"
"${inputs.self}/services"
"${inputs.self}/modules"
{
networking.hostName = "nginx";
services = {
vm_nginx = {
enable = true;
};
crowdsec-firewall-bouncer = {
enable = true;
};
crowdsec = {
enable = true;
package = pkgs.crowdsec;
autoUpdateService = false;
settings = {
general = {
api = {
server = {
enable = false;
#listen_uri = "127.0.0.1:8080";
};
};
prometheus.listen_addr = "0.0.0.0";
@ -126,30 +84,11 @@
type = "syslog";
};
}
{
source = "file";
labels = {
type = "syslog";
};
}
];
};
};
};
systemd.services.crowdsec.serviceConfig = {
ExecStartPre = let
script = pkgs.writeScriptBin "register-bouncer" ''
#!${pkgs.runtimeShell}
set -eu
set -o pipefail
if ! cscli bouncers list | grep -q "my-bouncer"; then
cscli bouncers add "my-bouncer" --key "secret_api_key"
fi
'';
in ["${script}/bin/register-bouncer"];
};
networking.hostName = "nginx";
}
];
};
@ -215,21 +154,22 @@
}
];
};
# template = nixpkgs.lib.nixosSystem {
# inherit system;
# modules = [
# agenix.nixosModules.default
# "${inputs.self}/systems/minimalVMConfig.nix"
# {
# networking.hostName = "nixos";
# }
# ];
# };
template = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
agenix.nixosModules.default
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-image.nix"
"${inputs.self}/systems/minimalVMConfig.nix"
{
networking.hostName = "nixos";
}
];
};
jellyfin = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
agenix.nixosModules.default
microvm.nixosModules.microvm
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-image.nix"
"${inputs.self}/systems/minimalVMConfig.nix"
"${inputs.self}/services"
{
@ -271,31 +211,6 @@
}
];
};
grafana = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
agenix.nixosModules.default
microvm.nixosModules.microvm
"${inputs.self}/systems/minimalMicrovmConfig.nix"
"${inputs.self}/services"
{
services.vm_grafana = {
enable = true;
vm_ip = "192.168.1.27";
proxy_ip = proxy_host;
pgsql_ip = pgsql_host;
};
services.micro_vm = {
enable = true;
hostname = "grafana";
vm_ip = "192.168.1.20";
vm_cpu = 1;
vm_mem = 512;
macAddr = "02:00:00:00:00:20";
};
}
];
};
};
};
}
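Review bot: The CrowdSec bouncer key is a plain literal in the flake — `api_key = "secret_api_key";` in the bouncer settings of the third hunk and again in the `cscli bouncers add "my-bouncer" --key "secret_api_key"` line of the register-bouncer script in the fourth — which means it lands both in git history and in the world-readable Nix store; those lines read as context rather than new, but the commit reworks this nginx module and leaves them in place. Since `agenix.nixosModules.default` is already in the module list, the key could be sourced from an agenix-managed secret file at runtime instead of a literal, with both the bouncer configuration and the script reading the same file. Related and possibly inconsistent: the bouncer targets `api_url = "http://localhost:8080"` while the crowdsec `api.server` block in the same hunk sets `enable = false` and leaves `listen_uri` commented out, so unless a LAPI is served elsewhere outside these hunks the bouncer and the `cscli bouncers add` step have nothing to talk to. As a point of style, `package = inputs.crowdsec.packages."x86_64-linux".crowdsec-firewall-bouncer;` hard-codes the platform although `system` is in scope (`inherit system;` two lines above), so `inputs.crowdsec.packages.${system}.crowdsec-firewall-bouncer` would keep the overlay and package selection consistent. The nginx `nixosSystem` definition starts before the third hunk and closes after the fourth, so the surrounding module structure is only partly visible here.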